We have been exploring ways in which a programming language can be used to ensure that web applications correctly enforce their security policies. Prior work has focused on the enforcement of information flow policies. We aim to go beyond this.
So far, we have developed a core programming calculus in which a wide range of policies, including access control, data provenance tracking, stateful information disclosure policies, and various forms of information flow policies can all be reliably enforced. Some of these ideas have been implemented in a language we call "Security-Enhanced Links," an extension of the Links web programming language.
We have used SELinks to build two secure web applications. Our experience indicates that it is relatively easy to use SELinks to ensure that an application correctly enforces several common policies.
The initial release of SELinks is available.

SEWiki: a secure online document management system that enforces a fine-grained access control policy on each document, and even on fragments of documents. We also use SELinks to accurately track provenance information in SEWiki, such as the edit history of each document. You can experiment with SEWiki here.

Cross-tier, Label-based Security Enforcement for Web Applications
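To make the two SEWiki policies concrete, here is a small added illustration in Python; it is not SELinks or SEWiki code, and its labels, roles and sample document are constructed for the example. Each document fragment carries a label naming who may read and who may write it, every read and write is checked against that label, and every accepted edit is recorded as provenance that is itself protected by the fragment's label.

```python
"""Added illustration (not SELinks/SEWiki code) of label-based access
control on document fragments plus provenance tracking of edits.
Labels, roles and the sample document below are constructed for it."""
from dataclasses import dataclass, field
from typing import FrozenSet, List, Tuple


@dataclass(frozen=True)
class Label:
    """Roles allowed to read and to write a fragment (hypothetical model)."""
    readers: FrozenSet[str]
    writers: FrozenSet[str]


@dataclass
class Fragment:
    content: str
    label: Label


@dataclass
class Document:
    fragments: List[Fragment]
    # Provenance record: (fragment index, editor, old content, new content)
    history: List[Tuple[int, str, str, str]] = field(default_factory=list)


class PolicyViolation(Exception):
    """Raised when a read or write is not permitted by the fragment's label."""


def can_read(user_roles: FrozenSet[str], label: Label) -> bool:
    return bool(user_roles & label.readers)


def can_write(user_roles: FrozenSet[str], label: Label) -> bool:
    return bool(user_roles & label.writers)


def view(doc: Document, user_roles: FrozenSet[str]) -> List[str]:
    """Return the document as seen by a user: fragments whose label the user
    cannot read are redacted, so enforcement happens on every read."""
    return [f.content if can_read(user_roles, f.label) else "[redacted]"
            for f in doc.fragments]


def edit(doc: Document, user_roles: FrozenSet[str], user: str,
         idx: int, new_content: str) -> None:
    """Apply an edit only if the label permits it, and record provenance."""
    frag = doc.fragments[idx]
    if not can_write(user_roles, frag.label):
        raise PolicyViolation(f"{user} may not write fragment {idx}")
    doc.history.append((idx, user, frag.content, new_content))
    frag.content = new_content


def edit_history(doc: Document, user_roles: FrozenSet[str],
                 idx: int) -> List[Tuple[int, str, str, str]]:
    """Provenance inherits the fragment's read label: if you cannot read the
    fragment, you cannot learn its edit history either."""
    frag = doc.fragments[idx]
    if not can_read(user_roles, frag.label):
        raise PolicyViolation(f"history of fragment {idx} is not readable")
    return [h for h in doc.history if h[0] == idx]


def sample_document() -> Document:
    """Constructed two-fragment document: one public, one staff-only."""
    public = Label(readers=frozenset({"anyone", "staff", "admin"}),
                   writers=frozenset({"admin"}))
    internal = Label(readers=frozenset({"staff", "admin"}),
                     writers=frozenset({"staff", "admin"}))
    return Document([Fragment("Welcome page", public),
                     Fragment("Internal budget notes", internal)])


def demo():
    """Run the policies over the sample document and return the outcomes."""
    doc = sample_document()
    guest = frozenset({"anyone"})
    staff = frozenset({"staff"})
    guest_view = view(doc, guest)                       # second fragment redacted
    edit(doc, staff, "alice", 1, "Internal budget notes (revised)")
    staff_history = edit_history(doc, staff, 1)         # one provenance entry
    try:
        edit(doc, guest, "bob", 0, "Guest edit")         # guests cannot write
        guest_edit_blocked = False
    except PolicyViolation:
        guest_edit_blocked = True
    return guest_view, staff_history, guest_edit_blocked


if __name__ == "__main__":
    print(demo())
```

The point of routing every read through `view` and every write through `edit` is the one SELinks makes at the language level: the policy check cannot be forgotten by an application author, because there is no other way to reach the labeled data.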
Brian J. Corcoran, Nikhil Swamy, and Michael Hicks
In Proceedings of the ACM SIGMOD International Conference on Management of Data, June 2009.
Fable: A Language for Enforcing User-defined Security Policies
Verified Enforcement of Stateful Information Release Policies
Combining Provenance and Security Policies in a Web-based Document Management System
Verified Enforcement of Security Policies for Cross-Domain Information Flows
This document is prepared through collaborative participation in the Communications and Networks Consortium sponsored by the U. S. Army Research Laboratory under the Collaborative Technology Alliance Program, Cooperative Agreement DAAD19-01-2-0011. The U. S. Government is authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation thereon.
This material is based upon work supported by the National Science Foundation under Grant No. CCF-0524036, Collaborative Research: CT-T: Flexible, Decentralized Information-flow Control for Dynamic Environments. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation (NSF).
The views expressed here do not necessarily represent those of our funding sources.